KCM GRC Managed Templates

KCM’s Compliance Management module comes with over 100 managed compliance templates maintained by KnowBe4. These pre-built templates are available for some of the most common regulations such as PCI, Cloud Security Alliance, Center for Internet Security, NIST, HIPAA, FFIEC, Secure Controls Framework, GDPR, FedRAMP, AICPA SSAE18, and more.

Cloud Computing Compliance Control Catalogue v9.2017
Internet of Things Assessment Questionnaire
ISO 27001 2013
ISO 27001 2013 Annex
ISO 27002 v2013
Payment Application Data Security Standard
PCI DSS Appendix A v3.2.1
PCI DSS Self Assessment Questionnaire A v3.2.1
PCI DSS Self Assessment Questionnaire A-EP v3.2.1
PCI DSS Self Assessment Questionnaire B v3.2.1
PCI DSS Self Assessment Questionnaire B-IB v3.2.1
PCI DSS Self Assessment Questionnaire C v3.2.1
PCI DSS Self Assessment Questionnaire C-VT v3.2.1
PCI DSS Self Assessment Questionnaire D Merchants v3.2.1
PCI DSS Self Assessment Questionnaire D Service Providers v3.2.1
PCI DSS Self Assessment Questionnaire P2PPE v3.2.1
Secure Software Lifecycle Requirements and Assessment Procedures
VDA - Trusted Information Security Assessment Exchange v4.1.1
General Data Protection Regulation (GDPR) v1.0
Privacy Shield Framework - EU-US v1.0
Restrictions of Hazardous Substances (EU Directive 2015/863)


Templates by Country

Australian Prudential Standard CPS 234 v7.2019
Australian Privacy Act v12.2018
Australian Signal Directive Information Security Manual_v3.2019
MDSAP - Australia: Therapeutic Goods (Medical Devices) Regulations 2002 v7.2019
Brazilian Internet Law v2018
MDSAP - Brazil: RDC v1.0
Canada's Anti-Spam Legislation (CASL) v2019
Freedom of Information and Protection of Privacy Act v11.2019
MDSAP - Canada: Medical Devices Regulations v6.2019
Personal Information Protection and Electronic Documents Act (PIPEDA) v. SC 2000, c. 5
Cayman Islands Data Protection Law v6.2017
Cybersecurity Law of the People’s Republic of China
German Federal Data Protection Act_6.2017
MDSAP - Japan: MHLW MO 169 v2014
Portugal Data Protection Law v1.2019
Singapore Personal Data Protection Act v11.2012
Technology Risk Management Checklist Framework - Monetary Authority of Singapore
Protection of Personal Information Act (POPI Act)
South Africa - Protection of Personal Information Act (POPI Act)
Privacy Shield Framework - Swiss-US v2017
Financial Conduct Authority Handbook (UK) v4.2019
Lexcel England and Wales for In-house Legal Departments v6.1
Lexcel England and Wales for Legal Practices v6.1
HMG Security Policy v1.0
Lexcel International v5.1
UK Anti Bribery Statute Adequate Procedures Checklist
UK Cyber Security Essentials 2.1
UK Data Protection Act v2018
UK Data Security and Protection Toolkit v20-21
UK Ministry of Defence - Defence Standard 05-138 Issue 2
UK Public Sector Network Code of Connection v1.31
ACCSC Self Evaluation 2015
American Land Title Association Assessment Procedures v3.0
Association of Corporate Counsel - Model Information Protection and Security Controls for Outside Counsel v2017
Bank Secrecy Act Examination Manual v2014
California Consumer Privacy Act Final Text
CIS Critical Security Controls Implementation Group 1 7.1
CIS Critical Security Controls Implementation Group 2 7.1
CIS Critical Security Controls Implementation Group 3 7.1
CJIS Security Policy v5.9
Cloud Security Alliance - CCM v3.0
Customs Trade Partnership Against Terrorism (CTPAT) v3.2020
Cybersecurity Maturity Model Certification (CMMC) (Levels 1 through 5)
DFARS NIST 800-171 SA v11.2017
Electricity Subsector Cybersecurity Capability Maturity Model v2014
FDA 21CFR11 v4.2019
FedRAMP High Baseline Controls v8.2018
FedRAMP LI-SaaS Baseline v8.2018
FedRAMP Low Baseline Controls v8.2018
FedRAMP Moderate Baseline Controls v8.2018
FERPA v12.2011
FFIEC Cybersecurity Tool 2015
FFIEC IT Examination Handbook v2016
Financial Services Sector Coordinating Council (FSSCC) v1.0
Gramm-Leach-Bliley Act Privacy Rule v5.2000
Gramm-Leach-Bliley Act Safeguard Rule v5.2002
Higher Education Community Vendor Assessment Tool Lite (HECVAT)
HIPAA Privacy and Breach v1.0
HIPAA Security Rule v1.0
HITECH v1.0
Interagency Guidelines - Information Security Standards v8.2013
International Automotive Task Force - Sanctioned Interpretations
IRS Publication 1075 v9.2016
ITAR 12.2018
MDSAP - USA: Title 21 Food and Drugs v1.0
NAIC MDL - Insurance Data Security Law 4th Quarter 2017
NCUA ACET v1.0
National Indian Gaming Commission MICS Audit Checklist Information Technology and Data
National Indian Gaming Commission MCS Audit Checklist
NERC CIP Cyber Security — BES Cyber System Categorization CIP-002-5.1a
NERC CIP Cyber Security — Security Management Controls CIP-003-8
NERC CIP Cyber Security — Personnel & Training CIP-004-6
NERC CIP Cyber Security — Electronic Security Perimeters CIP-005-6
NERC CIP Cyber Security — Physical Security of BES Cyber Systems CIP-006-6
NERC CIP Cyber Security — Systems Security Management CIP-007-6
NERC CIP Cyber Security — Incident Reporting and Response Planning CIP-008-6
NERC CIP Cyber Security — Recovery Plans for BES Cyber Systems CIP-009-6
NERC CIP Cyber Security — Configuration Change Management and Vulnerability Assessments CIP-010-3
NERC CIP Cyber Security — Information Protection CIP-011-2
NERC CIP Cyber Security — Supply Chain Risk Management CIP-013-1
NERC CIP Physical Security CIP-014-2
NIST 800-34 Contingency Planning Guide for Federal Information Systems
NIST 800-53 High Baseline Rev 5
NIST 800-53 Moderate Baseline Rev 5
NIST 800-53 Low Baseline Rev 5
NIST 800-53 Privacy Baseline Rev 5
NIST 800-53 Rev 5
NIST 800-61
NIST Cybersecurity Framework v1.1
NIST Privacy Framework v1.0 
NIST SP 800-171 A
NIST SP 800-171 Rev 1 (updated 06/07/2018)
NIST 800-171 Appendix E_v2016
NIST SP800-53 rev4
NIST SP800-53 rev4_FIXES
OCIE Cybersecurity Initiative 2014
Office for Civil Rights (OCR) Phase 2 Audit Protocol v7.2018
OWASP Level 1 v4.0
OWASP Level 2 v4.0
OWASP Level 3 v4.0
PCI DSS v3.2.1
Sarbanes Oxley Act v7.2002
SEC OCIE Cybersecurity Examination Initiative 2015
Secure Controls Framework v2021.1
SSAE16 SOC2 TSP and Privacy 2017
SSAE18 SOC2 TSC v3.2020
SWIFT CSP v2019
Telephone Consumer Protection Act
Telephone Consumer Protection Act Examination Worksheet
United Postal Service Information Security Handbook
US Foreign Corrupt Practices Act
US Government Auditing Standards
Verified Internet Pharmacy Practices Site (VIPPS)

California Consumer Privacy Act AB 25
California Consumer Privacy Act AB 1130
California Consumer Privacy Act AB 1146
California Consumer Privacy Act AB 1355
California Consumer Privacy Act AB 1564
California Consumer Privacy Act AB 1202
California Proposition 65 (Safe Drinking Water and Toxic Enforcement Act of 1986)
Water Shutoff Protection Act (California Senate Bill 998)
Colorado Data Protection Act v9.2018
Connecticut Insurance Data Security Law v10.2019
Massachusetts Data Privacy Regulation v2009
New Hampshire Senate Bill 194 v8.2019
North Carolina Identity Theft Protection Act v2005
NY DFS Cybersecurity Requirements 2017
NY SHIELD Act
South Carolina Insurance Data Security Act
Texas Administrative Code §202 - Institutions of Higher Education v2016
Texas Administrative Code §202 - State Agencies v2016
Texas House Bill 4390 - Privacy Protection Act v6.2019
Vermont Data Broker Regulation v1.2019
Commonwealth of Virginia ITRM Standard SEC501 v11.2
COV Hosted Environment Information Security Standard SEC 525 v04.1
Virginia House Bill 2178 Minimum Security Standards

For the most up-to-date list of managed templates, please visit the KnowBe4 Support Knowledgebase article:
https://support.knowbe4.com/hc/en-us/articles/360022753993-KCM-GRC-Managed-Templates